Fix towards the new password expiration policy

Pinga 2025-02-11 23:37:17 +02:00
parent ddfb8fed75
commit 6968bfafa2
7 changed files with 191 additions and 9 deletions


@ -93,14 +93,15 @@ class AuthController extends Controller
unset($_SESSION['2fa_email'], $_SESSION['2fa_password'], $_SESSION['is2FAEnabled']);
if ($login===true) {
$db = $container->get('db');
// Check if password renewal is needed
$passwordLastChanged = $_SESSION['password_last_changed'][$_SESSION['auth_user_id']] ?? 0;
if (checkPasswordRenewal($passwordLastChanged)) {
$passwordLastUpdated = $db->selectValue('SELECT password_last_updated FROM users WHERE id = ?', [$_SESSION['auth_user_id']]);
if (checkPasswordRenewal($passwordLastUpdated)) {
Auth::logout();
redirect()->route('forgot.password')->with('error','Your password is expired. Please change it');
}
$db = $container->get('db');
$currentDateTime = new \DateTime();
$currentDate = $currentDateTime->format('Y-m-d H:i:s.v'); // Current timestamp
$db->insert(